[horde] connecting to LDAP

Michael Eichenberger michael.eichenberger at stepping-stone.ch
Fri Sep 23 02:29:36 PDT 2005


Hi Silver

>It seems that an anonymous user can read information about your LDAP users 
>located in 'ou=mail,ou=service,o=example,c=ch'? Isn't it a little dangerous? 
>Even if this access is restricted to localhost, when someone gets access to 
>your.. let's say phpLDAPadmin, he could see all your users.
>
>  
>
Yes, except for the userPassword, which is excluded! Additionally the 
server is secured through netfilter, so that only the web server, where 
Horde is installed, can access the LDAP server via secure LDAP (ldaps). 
Nobody has file access to the Horde web server. This is probably as 
secure as you can get without patching the different ldap.php drivers. I 
actually am quite happy with this setup :-)

>When I gave such rights in my OpenLDAP also, Horde could authenticate users 
>successfully. So setting binding parameters' values to NULL just disables 
>binding into LDAP, doesn't it?
>  
>
No, first it searches for the user anonymously and once found, tries to 
bind with the correct user and password.

>It seems that this option isn't implemented in Horde yet. And maybe it won't 
>be :(
>
>But do you know is it possible in Horde to get user's username and password 
>somehow? For setting a'la:
>$conf['auth']['params']['binddn'] = Horde::Auth::getUsername();
>$conf['auth']['params']['password'] = Horde::Auth::getPassword();
>  
>
I've tried this, but never got it to work ... I think it's got to do 
with the sequence in which the configuration file is read.

>>access to 
>>dn.regex="ou=(.+),ou=(.+),ou=webtop,ou=service,o=example,c=ch$"
>>  attr=userpassword
>>  by dn.regex="ou=$1,ou=$2,ou=webtop,ou=service,o=example,c=ch" write
>>  by anonymous auth
>>
>>access to 
>>dn.regex="ou=(.+),ou=(.+),ou=webtop,ou=service,o=example,c=ch"
>>  by dn.regex="ou=$1,ou=$2,ou=webtop,ou=service,o=example,c=ch" write
>>  by anonymous read
>>    
>>
Regards, Michael

-- 
visit: http://www.stepping-stone.ch
--
e-mail: michael.eichenberger at stepping-stone.ch
mobile: +41 76 392 36 23
icq: 238901781
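The two-step flow Michael describes (anonymous search for the user's entry, then a bind as the found DN with the supplied password) is what the quoted ACL is built for: "by anonymous read" on the entries lets the search succeed, while "by anonymous auth" on userPassword lets slapd verify the password without ever disclosing it. The block below is an added example written against PHP's ext/ldap; it is not Horde's ldap.php driver or Michael's code. The hostname ldap.example.ch, the uid attribute, and the use of ou=mail,ou=service,o=example,c=ch as the search base are assumptions.

```php
<?php
// Added example (not Horde's ldap.php driver): search-then-bind LDAP
// authentication. Host, base DN and the "uid" attribute are assumptions.

function ldap_search_then_bind(string $username, string $password): ?string
{
    // Refuse empty passwords up front. RFC 4513 lets a server treat a DN
    // plus an empty password as an *unauthenticated* bind that succeeds,
    // so a blank password must never reach ldap_bind().
    if ($username === '' || $password === '') {
        return null;
    }

    // Same transport as in the thread: LDAP over TLS (ldaps). Assumed host.
    $ds = ldap_connect('ldaps://ldap.example.ch');
    if ($ds === false) {
        return null;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

    // Step 1: anonymous bind and search. This is the access the ACL grants
    // with "by anonymous read" on the user entries.
    if (!@ldap_bind($ds)) {
        ldap_close($ds);
        return null;
    }

    $base = 'ou=mail,ou=service,o=example,c=ch'; // assumed search base
    // Escape the filter value so a username such as "*)(uid=*" cannot
    // rewrite the filter (LDAP filter injection).
    $filter = sprintf('(uid=%s)', ldap_escape($username, '', LDAP_ESCAPE_FILTER));
    // '1.1' requests no attributes: we only need the DN. Size limit 2 lets
    // us detect an ambiguous match instead of silently taking the first.
    $result = @ldap_search($ds, $base, $filter, ['1.1'], 0, 2);
    if ($result === false || ldap_count_entries($ds, $result) !== 1) {
        ldap_close($ds);
        return null; // unknown or ambiguous user
    }
    $entry  = ldap_first_entry($ds, $result);
    $userDn = ldap_get_dn($ds, $entry);

    // Step 2: bind as the found DN. slapd compares the password itself
    // ("by anonymous auth" on userPassword); the client never reads it.
    if (!@ldap_bind($ds, $userDn, $password)) {
        ldap_close($ds);
        return null;
    }

    ldap_close($ds);
    return $userDn; // authenticated: return the user's DN
}

// Usage in a login handler:
$dn = ldap_search_then_bind($_POST['user'] ?? '', $_POST['pass'] ?? '');
if ($dn === null) {
    http_response_code(401);
    exit('Authentication failed');
}
```

Two checks matter here beyond what the ACL provides: the empty-password guard, because the server's own handling of unauthenticated binds is a configuration detail the client should not depend on, and the filter escaping, because the username comes straight from the login form.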


